Solved

linux router question

Posted on 2009-07-07
Last Modified: 2012-05-07
I have two networks, 192.168.1 and 192.168.2.

Between them sits a Linux box running iptables.  Actually it's a SnapGear 530, but that shouldn't matter; it's just an embedded Linux.

I want people on the two networks to be able to access machines on the other, but I don't know how to tell it to do this.
I don't want NAT, FULL access to everything... I'll then restrict stuff with IPTABLES.

I'm just not sure how to tell it to do this?

I do know I need to put a route command on my firewall to tell machines to back up and try the other router.
Thanks
Question by:bennybutler
LVL 14

Expert Comment

by:mds-cos
ID: 24798402
It is not just a matter of routing.  You need to configure the SnapGear with a second IP address so that it is "on" both network segments.

If the firewall is also providing access to the Internet through the untrust interface ("internet" on a SnapGear), you can set up a second IP address on the LAN interface.  Do this in Advanced IP Configuration from the IP Configuration screen.  You will also need to set up appropriate rules to allow traffic to pass between the two segments.

If the firewall is strictly being used for routing between the segments, you will probably already have the IP addresses set up for the two segments on your LAN and Internet ports.  From here it is a matter of configuring the rules / port forwarding to allow traffic to pass as you want it to.
0
 
LVL 14

Expert Comment

by:mds-cos
ID: 24798428
P.S.  If the firewall is for routing (e.g. one segment on LAN and one on Internet), you would turn off NAT in the Advanced IP Configuration screen as well.
0
 
LVL 1

Author Comment

by:bennybutler
ID: 24798437
Here's where I'm at.
Router is on both networks, 192.168.1.14/192.168.2.14
Gateway on 192.168.1.1 tells all machines to use 2.14 to get to 192.168.2 network.

It works great, any machine on 1 can get to any machine on 2.

Problem is, SnapGear wants to play firewall, so anything on 2 wants to be NAT'd to get to 1.  I don't want or need NAT, I just want it to treat the 'internet' interface the same as it does the 'wan' interface.
0
 
LVL 1

Author Comment

by:bennybutler
ID: 24798489
maybe I need to create a reverse of this:

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination        
   12   720 EstabRelFwd  all  --  *      *       0.0.0.0/0            0.0.0.0/0          
    6   360 LanFwd     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0          
    0     0 WanFwd     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0          
    0     0 DefDeny    all  --  *      *       0.0.0.0/0            0.0.0.0/
0
 
LVL 14

Accepted Solution

by:
mds-cos earned 50 total points
ID: 24798587
SnapGear is a purpose-built firewall appliance that uses embedded Linux.  So trying to get it to "forget" it is a firewall is not really a supported configuration.  But you should be able to do it.  Having said this, I will suggest that buying a cheap Linksys or Netgear router might work better for you.

I only have access to a SnapGear 550, so am having to assume that your interface is at least similar.  Can you turn off NAT in the Advanced IP Configuration as suggested above?
0
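
The routed, no-NAT setup discussed in this thread, sketched for a generic Linux router with iptables (an added example, not part of the original posts and not the SnapGear's own configuration). The interface-to-subnet mapping (eth0 on 192.168.1.0/24, eth1 on 192.168.2.0/24) and the function names are assumptions; the rules are printed for review unless APPLY=1 is set.

```shell
#!/bin/sh
# Assumed mapping (not stated in the thread): eth0 faces 192.168.1.0/24,
# eth1 faces 192.168.2.0/24. Adjust before use.
NET_A=192.168.1.0/24; IF_A=eth0
NET_B=192.168.2.0/24; IF_B=eth1

# Emit the commands one per line so they can be reviewed before being applied.
routed_rules() {
    # The kernel only forwards packets between interfaces when this is 1.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Replies for connections that were already allowed.
    echo "iptables -I FORWARD 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # New connections in BOTH directions; a FORWARD policy of DROP with a rule
    # for only one direction gives the one-way behaviour described above.
    echo "iptables -I FORWARD 2 -i $IF_A -o $IF_B -s $NET_A -d $NET_B -j ACCEPT"
    echo "iptables -I FORWARD 3 -i $IF_B -o $IF_A -s $NET_B -d $NET_A -j ACCEPT"
    # ACCEPT in nat/POSTROUTING ends NAT processing for the packet, so traffic
    # between the two subnets skips any later MASQUERADE/SNAT rule and keeps
    # its real source address (which is what later filtering rules will see).
    echo "iptables -t nat -I POSTROUTING 1 -s $NET_A -d $NET_B -j ACCEPT"
    echo "iptables -t nat -I POSTROUTING 1 -s $NET_B -d $NET_A -j ACCEPT"
}

# Print the rules by default; run them (as root) only when APPLY=1.
apply_rules() {
    routed_rules | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            sh -c "$cmd" || exit 1
        else
            printf '%s\n' "$cmd"
        fi
    done
}

apply_rules
```

Once traffic is routed rather than NAT'd, tighter restrictions go in front of the two broad FORWARD ACCEPT rules, matching on the real source and destination addresses.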
